Plexe
Validation

Request validation rules used by the API

These rules are taken from the controller checks, data annotations, and FluentValidation validators in the current endpoint code.

How validation is returned

Missing route, query, and body inputs marked with [Required] return 400 Bad Request.

FluentValidation failures return the validator error collection directly in the response body.

Controller checks return plain-text 400 messages such as Application id is invalid, Zipcode is required to create application., or Submitted document is empty.

Identifier values are expected to be non-empty GUIDs where the route or query parameter is named applicationId, customerId, partnerId, loanId, applicantId, or supportingDocumentId.

Customers and users

Request Required fields Additional rules
UserRequest firstName, lastName, email, mobileNumber, password Names max 50 characters. Email must be valid and max 50 characters. Mobile must contain exactly 10 digits after non-digits are removed. Password must be 8+ characters with uppercase, lowercase, and a digit.
List<UserRequest> bulk create email, firstName, lastName, mobileNumber, password Bulk user names are max 30 characters. Email must be valid and max 50 characters.

Applications

Endpoint or request Required data Controller checks
create-customer-and-application customer must pass UserRequest rules. businessZip is copied into extraInformation.zipcode. If no zipcode exists, the endpoint returns Zipcode is required to create application.
create-customer-and-application-and-applicant customer must pass UserRequest rules. Requires extraInformation.zipcode and extraInformation.ssn. businessZip may supply the zipcode.
create-application and create-application-and-applicant customerId customerId must be a non-empty GUID. Requires extraInformation.zipcode, or businessZip so the endpoint can add it.
List<ApplicationRequest> bulk create businessName, extraInformation businessName is max 30 characters.
update-customer-data/{applicationId} firstname, lastname, address, state, city, ssn, mobile, dateOfBirth applicationId must be a non-empty GUID.

Banking data

BankingDataRequest validates each item in bankAccounts.

Object Required fields Notes
BankAccountRequest accountName, accountNumber, accountType, bank, currentBalance, availableBalance, routing Each transaction is validated when included.
TransactionRequest amount, date Used by add-or-update-banking-data and quick-test.

Approval and applicant data

Request Required fields Additional rules
CompanyDataRequest businessTaxId, businessName, entityType, zipCode, city businessName and entityType are max 30 characters.
PrimaryApplicantRequest email, mobile, name, driversLicense Email must be valid and max 50 characters. Name max 30 characters.
SecondaryApplicantRequest email, miscellaneousData, mobile, name, driversLicense Email must be valid and max 50 characters. Name max 30 characters.
DrivingLicenseRequest address, cardNumber, city, dateOfBirth, expiryDate, issuingState, name cardNumber max 20 characters. city and name max 30 characters.
BankFeedAccountRequest id, accountId, accountNumber, accountHolder, accountType, name, bsb, balance, available, selected, slug, enabled, archived accountId, accountNumber, and slug are max 20 characters. accountHolder, accountType, and name are max 30 characters.
SignaturesRequest ipAddress, mimeType, signature, signature2 Both signature byte arrays must be present and non-empty. The signing endpoint also rejects expired offers.

Calculations, loans, and withdrawals

Request Required fields Additional rules
SliderRequest amount amount must not be empty.
CalculationRequest amount, terms terms must be between 7 and 52 inclusive.
LineOfCreditWithdrawalRequest and InvoiceWithdrawalRequest calculation The nested calculation must pass CalculationRequest rules. Withdrawal endpoints also reject amounts greater than available balance.
WithdrawLineRequest advanceRate, amount, dateUTC, terms amount must be greater than 0. terms must be between 7 and 52 inclusive.
WithdrawInvoiceRequestData advanceRate, amount, dateUTC, otp Loan id route values must be non-empty GUIDs.

Communication, webhooks, and uploads

Area Required data Additional rules
Communication applicationId, contents, user applicationId must be a non-empty GUID. user is max 30 characters. Message list endpoints cap take at 200 records.
Webhook registration webhookSubscription body. webhookUri is required for URI update. Most webhook routes accept either partnerId or customerId. Missing webhook bodies are rejected with Webhook subscription is required.
Document upload applicationId, fileData, fileType, fileName. Required-document upload also requires supportingDocumentId. fileData must be non-empty and no larger than 15 MB. Upload endpoints reject expired offers.